Initial working prototype; res.yaml for one event
anushkamittal20 committed Jul 23, 2021
1 parent feb6117 commit deb12c8
Showing 3 changed files with 57 additions and 49 deletions.
3 changes: 3 additions & 0 deletions outputs/client.go
Expand Up @@ -15,6 +15,8 @@ import (
"regexp"
"strings"

crdClient "github.com/anushkamittal20/falcoadapter/pkg/generated/v1alpha2/clientset/versioned"

gcpfunctions "cloud.google.com/go/functions/apiv1"
"github.com/streadway/amqp"
wavefront "github.com/wavefronthq/wavefront-sdk-go/senders"
Expand Down Expand Up @@ -97,6 +99,7 @@ type Client struct {
KubernetesClient kubernetes.Interface
RabbitmqClient *amqp.Channel
WavefrontSender *wavefront.Sender
Crdclient *crdClient.Clientset
}

// NewClient returns a new output.Client for accessing the different API.
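Review bot: The new import at the top of `outputs/client.go` pulls the generated clientset from a personal module path, `github.com/anushkamittal20/falcoadapter/...`, so every build of the `outputs` package now depends on code outside this project's control. Before this leaves prototype status, the generated client and API types would be better placed in this repository or an organisation-owned module, with the version pinned and reviewed. The field is also declared as the concrete `*crdClient.Clientset`, while its neighbour `KubernetesClient` is `kubernetes.Interface`. As far as the visible hunks show, only `NewPolicyReportClient` populates it, so a comment such as `// Crdclient is set only by NewPolicyReportClient; nil for every other output` would warn callers before they dereference it.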
65 changes: 16 additions & 49 deletions outputs/policyadapter.go
Expand Up @@ -3,51 +3,35 @@ package outputs
import (
"context"
"fmt"
"log"

"github.com/DataDog/datadog-go/statsd"
"github.com/anushkamittal20/falcoadapter/pkg/apis/wgpolicyk8s.io/v1alpha2"
clusterpolicyreport "github.com/anushkamittal20/falcoadapter/pkg/apis/wgpolicyk8s.io/v1alpha2"
crdClient "github.com/anushkamittal20/falcoadapter/pkg/generated/v1alpha2/clientset/versioned"
"github.com/falcosecurity/falcosidekick/types"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"

//"log"
"github.com/DataDog/datadog-go/statsd"
"github.com/anushkamittal20/falcoadapter/pkg/apis/wgpolicyk8s.io/v1alpha2"
"github.com/falcosecurity/falcosidekick/types"
"k8s.io/client-go/tools/clientcmd"
// "github.com/google/uuid"
)

func NewPolicyReportClient(config *types.Configuration, stats *types.Statistics, promStats *types.PromStatistics, statsdClient, dogstatsdClient *statsd.Client) (*Client, error) {

if config.PolicyReport.Kubeconfig != "" {
restConfig, err := clientcmd.BuildConfigFromFlags("", config.PolicyReport.Kubeconfig)
if err != nil {
return nil, fmt.Errorf("unable to load kube config file: %v", err)
}
clientset, err := kubernetes.NewForConfig(restConfig)
restConfig, err := rest.InClusterConfig()
if err != nil {
restConfig, err = clientcmd.BuildConfigFromFlags("", config.PolicyReport.Kubeconfig)
if err != nil {
return nil, err
fmt.Printf("unable to load kube config file: %v", err)
}
return &Client{
OutputType: "PolicyReport",
Config: config,
Stats: stats,
PromStats: promStats,
StatsdClient: statsdClient,
DogstatsdClient: dogstatsdClient,
KubernetesClient: clientset,
}, nil
}
restConfig, err := rest.InClusterConfig()
clientset, err := kubernetes.NewForConfig(restConfig)
if err != nil {
return nil, fmt.Errorf("unable to load in-cluster config: %v", err)
return nil, err
}
clientset, err := kubernetes.NewForConfig(restConfig)
crdclient, err := crdClient.NewForConfig(restConfig)
if err != nil {
return nil, err
}

return &Client{
OutputType: "PolicyReport",
Config: config,
Expand All @@ -56,50 +40,33 @@ func NewPolicyReportClient(config *types.Configuration, stats *types.Statistics,
StatsdClient: statsdClient,
DogstatsdClient: dogstatsdClient,
KubernetesClient: clientset,
Crdclient: crdclient,
}, nil

}

// PolicyReportPost creates Policy Report Resource in Kubernetes
func (c *Client) PolicyReportCreate(falcopayload types.FalcoPayload) {
//to do
var crdclient *crdClient.Clientset
if c.Config.PolicyReport.Kubeconfig != "" {
restConfig, err := clientcmd.BuildConfigFromFlags("", c.Config.PolicyReport.Kubeconfig)
if err != nil {
fmt.Printf("unable to load kube config file: %v", err)
}
crdclient, err = crdClient.NewForConfig(restConfig)
if err != nil {
fmt.Printf("u %v", err)
}
}
restConfig, err := rest.InClusterConfig()
if err != nil {
fmt.Printf("unable to load in-cluster config: %v", err)
}

crdclient, err = crdClient.NewForConfig(restConfig)
if err != nil {
fmt.Printf("u %v", err)
}
ats := crdclient.Wgpolicyk8sV1alpha2().ClusterPolicyReports()
ats := c.Crdclient.Wgpolicyk8sV1alpha2().ClusterPolicyReports()
report := &clusterpolicyreport.ClusterPolicyReport{
ObjectMeta: metav1.ObjectMeta{
Name: "dummy-policy-report",
},
Summary: v1alpha2.PolicyReportSummary{
//Fail: len(controls.Alert),
Fail: 1,
},
}
report.Results = append(report.Results, newResult(falcopayload))
result, err := ats.Create(context.TODO(), report, metav1.CreateOptions{})
if err != nil {
panic(err)
log.Printf("[ERROR] : %v\n", err)
}
fmt.Printf("Created policy-report %q.\n", result.GetObjectMeta().GetName())
}

//mapping
func newResult(FalcoPayload types.FalcoPayload) *clusterpolicyreport.PolicyReportResult {
const PolicyReportSource string = "Falco"
var pri string
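Review bot: In `NewPolicyReportClient`, when `rest.InClusterConfig()` and the kubeconfig fallback both fail, the error is only printed and `restConfig` stays nil, so `kubernetes.NewForConfig(restConfig)` is then called with a nil config instead of the constructor returning an error as the previous version did. The inner branch should fail closed: `return nil, fmt.Errorf("unable to load kube config file: %v", err)`. The new order also tries the in-cluster service account first and never consults `config.PolicyReport.Kubeconfig` when that succeeds, so an operator who sets an explicit kubeconfig inside a pod silently gets the pod's identity; if that is intended it deserves a comment such as `// in-cluster credentials take precedence; Kubeconfig is only a fallback`. In `PolicyReportCreate`, the `log.Printf` after a failed `Create` falls through to the "Created policy-report" line, so a `return` after the log would keep the output truthful. `newResult` continues outside the visible hunk.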
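--- a/res.yaml
+++ b/res.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+items:
+- apiVersion: wgpolicyk8s.io/v1alpha2
+kind: ClusterPolicyReport
+metadata:
+creationTimestamp: "2021-07-23T06:03:12Z"
+generation: 1
+name: dummy-policy-report
+resourceVersion: "1179"
+uid: b5fa7d30-7c5f-4bef-a1ee-4a0871059eae
+results:
+- message: |
+Grep private keys or passwords activities found (user=%user.name user_loginuid=%user.loginuid command=%proc.cmdline container_id=%container.id container_name=%container.name image=%container.image.repository:%container.image.tag)
+policy: Search Private Keys or Passwords
+properties:
+container.id: '%container.id'
+container.image.repository: '%container.image.repository'
+container.image.tag: '%container.image.tag'
+container.name: '%container.name'
+proc.cmdline: '%proc.cmdline'
+user.loginuid: '%user.loginuid'
+user.name: '%user.name'
+result: fail
+severity: medium
+source: Falco
+timestamp:
+nanos: 391227257
+seconds: 12
+summary:
+error: 0
+fail: 1
+pass: 0
+skip: 0
+warn: 0
+kind: List
+metadata:
+resourceVersion: ""
+selfLink: ""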
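Review bot: The captured result carries `timestamp.seconds: 12` next to a `creationTimestamp` of `2021-07-23T06:03:12Z`, which suggests the mapping stores the seconds-of-minute of the event rather than Unix epoch seconds. That makes the report's timestamp unusable for correlating the alert with other logs. The mapping code is outside the visible hunks, so this is inferred from the sample. If the source is a `time.Time`, the field should be filled from `.Unix()` rather than `.Second()`, and the sample regenerated afterwards.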
